External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sun Dec 29 23:20:18 UTC 2024]

Browse Source
This commit is contained in:
github-actions[bot]
2024-12-29 23:20:18 +00:00
parent 36f08db3eb
commit 3760d3dcde
35 changed files with 17042 additions and 1242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
waf_patterns/apache/shells.conf
View File

@@ -18,10 +18,10 @@ SecRule REQUEST_URI "@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web She
SecRule REQUEST_URI "@rx <title>lama's'hell v. [0-9.]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn <!-- Replaces command with Base64-encoded Data -->" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<html>n<head>n<div align=" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<html>n<head>n<div align="left"><font size="1">Input command :</font></div>n<form name="cmd" method="POST" enctype="multipart/form-data">" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<html>n<head>n<title>Ru24PostWebShell -" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<html>rn<head>rn<meta http-equiv=" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<html>rn<head>rn<meta http-equiv="Content-Type" content="text/html; charset=gb2312">rn<title>PhpSpy Ver [0-9]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@contains <title>punkholicshell</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@rx ^<html>n <head>n <title>azrail [0-9.]+ by C-W-M</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
@@ -30,7 +30,7 @@ SecRule REQUEST_URI "@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>" "i
SecRule REQUEST_URI "@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@contains <h1 style=" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@contains <h1 style="margin-bottom: 0">webadmin.php</h1>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"